Keylogger question

micdhack
Level 1
Posts: 5
Joined: Sat Jun 13, 2009 11:51 am

Keylogger question

Post by micdhack »

My WoW account was hacked, and since I logged in more from Ubuntu than Windows I wanted to ask if it is possible for a keylogger to be installed through Wine, and if it could start automatically to monitor the system each time Linux starts or each time I start some Wine application.
By the way, I used antivirus to scan the Linux and Wine directories and nothing was found.
vitamin
Moderator
Posts: 6605
Joined: Sat Feb 23, 2008 2:29 pm

Re: Keylogger question

Post by vitamin »

micdhack wrote: wanted to ask if it is possible for a keylogger to be installed through Wine and if it could start automatically to monitor the system each time Linux starts or each time I start some Wine application.
All keyloggers that use drivers won't work on Wine. If they get keys in some other way (LL_HOOK for example) then yeah they could work I guess.

I never heard of a keylogger for Linux, but I don't see any major problems with writing one. There are a number of ways to receive all key events. However, they are all disabled by default in most distros.
micdhack
Level 1
Posts: 5
Joined: Sat Jun 13, 2009 11:51 am

Post by micdhack »

I'm asking because my WoW account was hacked, so I spent all day scanning and trying to find if there was a leak in my system that led to this.
So far I have found nothing of the sort, but it is hard to believe that an 8-char password could be broken by a hacker just by brute force. Guessing is out of the question because the password has no meaning or word reference.
Daemon
Level 4
Posts: 101
Joined: Wed Nov 12, 2008 2:24 pm

Post by Daemon »

micdhack
Level 1
Posts: 5
Joined: Sat Jun 13, 2009 11:51 am

Post by micdhack »

lol, most of these things are social engineering scams and I'm 100% certain that I haven't said my WoW password anywhere
Plamen.Vassilev
Level 2
Posts: 25
Joined: Thu Mar 13, 2008 7:41 am

Post by Plamen.Vassilev »

An 8-char password actually is _NOT_ that hard to break by brute force.

http://www.lockdown.co.uk/?pg=combi
Daemon
Level 4
Posts: 101
Joined: Wed Nov 12, 2008 2:24 pm

Post by Daemon »

If 8 characters is the max for a password, it's Blizzard's own fault. :^)
micdhack
Level 1
Posts: 5
Joined: Sat Jun 13, 2009 11:51 am

Post by micdhack »

The thing is that even if there is a limit of 8-char passwords, it can't be broken by brute force... just the delay of trying each password would need years.
jay
Level 2
Posts: 22
Joined: Fri Apr 24, 2009 3:57 pm

Post by jay »

Another possibility would be that you clicked some "evil" external link on the official WoW forums, which (afaik) use the same login as the game.
That linked page would use JavaScript to extract your login cookie and get your password in some way.
I think that only worked with IE though.
micdhack
Level 1
Posts: 5
Joined: Sat Jun 13, 2009 11:51 am

Post by micdhack »

Now that's a good explanation that I could live with. At least it's a possibility, so I know how this might have happened.
Addys
Level 2
Posts: 47
Joined: Tue Nov 25, 2008 11:33 am

Post by Addys »

A keylogger could theoretically work on Wine if it was designed specifically to do so (e.g. the way vitamin pointed out); 99% of them won't, though.

Using a different WINEPREFIX to play your games will sandbox you and eliminate once again whatever risk is left :)
Martin Gregorie

Keylogger question

Post by Martin Gregorie »

On Wed, 2011-10-26 at 02:38 -0500, isobella wrote:
> In my experience, the keylogger is invisible, and it runs with other
> applications. What's more, most keyloggers are undetectable. While, I
> know a very simple way to detect it. Type CTRL + ALT + DELETE, it will
> open your Task Manager, Processes tab look for BKP.exe or AKL.exe,
> if you find BKP.exe or AKL.exe, you have a keylogger.
> * Remember that you cannot always detect a keylogger by CTRL +
> ALT + DELETE.

A more general way to find unexpected processes is to run "ps -ef" from
a terminal. Either pipe it into less:

    ps -ef | less

where you can search on keywords or simply scroll through the list, or,
if you already know the keyword, pipe it into grep:

    ps -ef | grep '\.exe'

will show you all the .exe programs that are currently running. If you
want to know more about a program, apropos and man are your friends:

    apropos wine
    man wine

apropos shows one line describing anything that has your search term in
the first line of its man page:

    $ apropos wine
    msiexec (1)     - Wine MSI Installer
    notepad (1)     - Wine text editor
    regedit (1)     - Wine registry editor
    regsvr32 (1)    - Wine DLL Registration Server
    wine (1)        - run Windows programs on Unix
    wineboot (1)    - perform Wine initialization, startup, and shutdown tasks
    winecfg (1)     - Wine Configuration Editor
    wineconsole (1) - The Wine console
    winefile (1)    - Wine File Manager
    winemine (1)    - Wine Minesweeper game
    winepath (1)    - Tool to convert Unix paths to/from Win32 paths
    wineserver (1)  - the Wine server

while typing "man wine" shows the whole man page.


Martin
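
Added example, not part of Martin Gregorie's post: the `ps -ef | grep '\.exe'` check above, extended to print only the .exe processes that are not on an allowlist. The allowlist contents, the function names and the embedded `ps -ef` sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list Windows executables seen in
# `ps -ef` output that are not on a personal allowlist.

# Assumption: names you expect under Wine (Wine's own helpers plus your game).
ALLOW="services.exe winedevice.exe plugplay.exe explorer.exe Wow.exe"

# Constructed sample of `ps -ef` output, so the script runs offline.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
user      4101     1  0 10:02 ?        00:00:03 /usr/bin/wineserver
user      4107     1  0 10:02 ?        00:00:00 C:\windows\system32\services.exe
user      4113     1  0 10:02 ?        00:00:00 C:\windows\system32\winedevice.exe
user      4150  3990  9 10:03 pts/0    00:12:41 C:\Program Files\World of Warcraft\Wow.exe -opengl
user      4312     1  0 10:05 ?        00:00:01 C:\users\user\Temp\AKL.exe
user      4400  3990  0 10:20 pts/1    00:00:00 grep \.exe
EOF
}

# Reads `ps -ef` text on stdin, prints "PID NAME" for each unlisted .exe.
unexpected_exes() {
  awk -v allow="$ALLOW" '
    BEGIN { n = split(tolower(allow), a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                              # skip the header row
    {
      cmd = ""
      for (i = 8; i <= NF; i++) cmd = cmd " " $i  # CMD is field 8 onward
      # Basename of the first *.exe in the command line, Unix or Windows path.
      # A basename containing spaces is reported by its last word only.
      if (match(cmd, /[A-Za-z0-9_.-]+\.[eE][xX][eE]/)) {
        name = substr(cmd, RSTART, RLENGTH)
        if (!(tolower(name) in ok)) print $2, name
      }
    }'
}

# Live use: ps -ef | unexpected_exes
sample_ps | unexpected_exes
```

The grep process itself, which the plain `grep '\.exe'` pipeline would also list, is not reported because `\.exe` has no file name in front of it.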
isobella
Newbie
Posts: 1
Joined: Wed Oct 26, 2011 2:21 am

Re: Keylogger question

Post by isobella »

Your way is much more general. I tried it yesterday, and it worked.